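Conflict between 802.1x and static MAC binding on Huawei S5300 switches

    Recently, after enabling 802.1x authentication on a Huawei S5300 switch, I also wanted to configure static MAC address binding, because the terminals attached to the access ports are fixed, but I found that the configuration failed.

Case 1

    If a terminal on the access port has already passed 802.1x authentication, configuring the static MAC address binding reports an error and the configuration is not applied. At that point the access port has already learned the MAC address, and the entry's type is authen, so running the static MAC address binding command returns "Error: The MAC address entry of another type already exists.", meaning that a MAC address entry of another type is already present.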

[S5352]disp dot1x interface GigabitEthernet 0/0/39

 GigabitEthernet0/0/39 status: UP  802.1x protocol is Enabled
  Port control type is Auto
  Authentication method is MAC-based
  Reauthentication is disabled
  Maximum users: 256
  Current users: 1       
  Guest VLAN is disabled
  Critical VLAN is disabled
  Restrict VLAN is disabled

  Authentication Success: 1          Failure: 0     
  EAPOL Packets: TX     : 9          RX     : 9       
  Sent      EAPOL Request/Identity Packets  : 1   
            EAPOL Request/Challenge Packets : 7   
            Multicast Trigger Packets       : 0   
            EAPOL Success Packets           : 1   
            EAPOL Failure Packets           : 0   
  Received  EAPOL Start Packets             : 1   
            EAPOL Logoff Packets            : 0   
            EAPOL Response/Identity Packets : 1   
            EAPOL Response/Challenge Packets: 7   

 Online user(s) info:
 UserId   MAC/VLAN            AccessTime              UserName
 ------------------------------------------------------------------------------
 988      000f-4103-211f/500  2018/04/23 15:33:46     Alice          
 ------------------------------------------------------------------------------
 Total 1,1 printed
[S5352]
[S5352]mac-address static 000f-4103-211f GigabitEthernet 0/0/39 vlan 500
Error: The MAC address entry of another type already exists.
[S5352]
[S5352]
[S5352]disp mac-address GigabitEthernet 0/0/39
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI                          Learned-From        Type      
-------------------------------------------------------------------------------
000f-4103-211f 500/-                             GE0/0/39            authen    

-------------------------------------------------------------------------------
Total items displayed = 1 

[S5352]


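Case 2

    If no terminal on the access port has passed 802.1x authentication yet, the static MAC address binding command executes successfully. However, 802.1x access control then no longer takes effect: terminals attached to the access port need no authentication and can all connect to the network directly.

Confirmation from Huawei R&D

    I consulted the Huawei 400 hotline, and R&D confirmed that on the Huawei S5300 switch I am using (software version: Version 5.110 (S5300 V200R001C00SPC300)) the 802.1x and static MAC binding functions do conflict, and only one of the two can be used.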
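
    Both cases above can be spotted offline from saved disp mac-address output. The Python script below is an added example, not part of the original post and not Huawei tooling. The set of 802.1x-enabled ports, the planned bindings, the second sample row and the "static" Type value for manual bindings are assumptions.

```python
import re

# One row of `disp mac-address` as printed on this page:
# MAC Address, VLAN/VSI, Learned-From, Type
ROW = re.compile(
    r"^\s*((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+(\d+)/\S+\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return a list of (mac, vlan, port, type) tuples from saved CLI output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac, vlan, port, mac_type = m.groups()
            rows.append((mac.lower(), int(vlan), port, mac_type.lower()))
    return rows

def audit(rows, dot1x_ports, planned_static=()):
    """Flag the two cases from the article on 802.1x-enabled ports.

    BYPASS   - a static entry exists on an 802.1x port (case 2: port is open).
    CONFLICT - a planned static binding matches an existing authen entry
               (case 1: the switch will reject the command).
    """
    findings = []
    for mac, vlan, port, mac_type in rows:
        if port not in dot1x_ports:
            continue
        if mac_type == "static":
            findings.append(("BYPASS", port, mac, vlan))
        elif mac_type == "authen" and (mac, port, vlan) in planned_static:
            findings.append(("CONFLICT", port, mac, vlan))
    return findings

# First row is taken from the article; the second row is constructed sample
# data, and the Type value "static" for manual bindings is an assumption.
SAMPLE = """\
MAC Address    VLAN/VSI                          Learned-From        Type
-------------------------------------------------------------------------------
000f-4103-211f 500/-                             GE0/0/39            authen
0011-2233-4455 500/-                             GE0/0/40            static
"""

if __name__ == "__main__":
    for f in audit(parse_mac_table(SAMPLE), {"GE0/0/39", "GE0/0/40"},
                   {("000f-4103-211f", "GE0/0/39", 500)}):
        print(*f)
```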
